DOD and DHS Sign MOA Enhancing Coordination to Secure America’s Cyber Networks

The Department of Defense (DoD) and the Department of Homeland Security (DHS) have signed a memorandum of agreement that will align and enhance America’s capabilities to protect against threats to our critical civilian and military computer systems and networks. This MOA reflects US administration commitment to building an agency-wide approach to combating threats to national cyber networks and infrastructure. The agreement embeds DoD cyber analysts within DHS to better support the National Cybersecurity and Communications Integration Center (NCCIC) and sends a full-time senior DHS leader to DoD’s National Security Agency, along with a support team comprised of DHS privacy, civil liberties and legal personnel.

CSC Acquires Vulnerability Research Labs

CSC (NYSE: CSC) has acquired Vulnerability Research Labs (VRL), a privately held cyber threat intelligence firm. The acquisition enables CSC to enhance its cybersecurity support to public and commercial enterprises around the world by strengthening its ability to develop unique tools and techniques.

CSC’s cybersecurity offerings include vulnerability analysis and penetration testing, data loss prevention services, a full range of managed security services, a global cyber strike-force to respond to cybersecurity incidents, cyber forensics training and analysis, Common Criteria Test Laboratories in the US, Europe, and the Far East, and a worldwide infrastructure of Security Operations Centers. CSC’s nearly 2,000 cyber professionals serve commercial clients and public sector enterprises in the United States and overseas, including civilian departments and agencies, and defense organizations.

National Cybersecurity Awareness Campaign: Stop. Think. Connect.

The Department of Homeland Security (DHS) launches the “Stop. Think. Connect.” public cybersecurity awareness campaign—a national initiative that promotes simple steps the public can take to increase their safety and security online. “Stop. Think. Connect.” is a national public education campaign designed to increase public understanding of cyber threats and how individual citizens can develop safer cyber habits that will help make networks more secure. The campaign fulfills a key element of President Obama’s 2009 Cyberspace Policy Review, which tasked DHS with developing a public awareness campaign to inform Americans about ways to use technology safely.

“Stop. Think. Connect.” includes cyber forums hosted in collaboration with the National Centers of Academic Excellence to bring together diverse groups of community, private and government participants for dialogues on cybersecurity issues; opportunities for members of the public to get involved and help spread the word by leading or hosting campaign activities; and a coalition for public and private sector organizations.

Raytheon Acquires Technology Associates to Expand Cybersecurity Capabilities

Raytheon Company (NYSE: RTN) has acquired Technology Associates Inc., a privately held company that delivers full life-cycle computer engineering to mission-critical programs in the U.S. intelligence community. Technology Associates’ capabilities include data extraction and analysis; digital media intercept and exploitation; embedded system programming; and information assurance services. Established in 1990, Technology Associates has 110 employees and a proven track record of success in serving the intelligence community.

With headquarters in Reston, Va., Technology Associates becomes part of Raytheon’s Intelligence and Information Systems (IIS) business. Technology Associates President Preston Harrelle joins Raytheon and will continue to lead business operations while taking on a broader cyberstrategy role across the Information Security Solutions (ISS) product line.

ManTech Acquires QinetiQ Security and Intelligence Solutions Unit

ManTech International Corporation (NASDAQ: MANT), a leading provider of cyber security technologies and solutions for mission-critical national security programs, announced an agreement to acquire the assets of QinetiQ North America’s Security and Intelligence Solutions (S&IS) business for $60 million in cash. S&IS provides integrated security solutions to the Department of Defense and the intelligence community. The S&IS business will be integrated within ManTech’s Mission, Cyber and Technology Solutions group, led by L. William Varner.

S&IS generated about $60 million in revenue in 2010. S&IS recently won a prime position on the Missile Defense Agency Engineering and Support Services (MiDAESS) contract (Functional Group 6), a five-year indefinite delivery/indefinite quantity contract with a ceiling of $365 million.

Cyber Storm III Rising

Department of Homeland Security (DHS) announced the beginning of Cyber Storm III—a three-day long, DHS-sponsored exercise that brings together a diverse cross-section of the nation’s cyber incident responders to assess U.S. cyber response capabilities. Cyber Storm III is an exercise scenario that simulates a large-scale cyber attack on critical infrastructure across the nation. The goal of the exercise is to examine and strengthen collective cyber preparedness and response capabilities, involving thousands of participants across government and industry.

As part of Cyber Storm III, DHS will exercise elements of the newly-developed National Cyber Incident Response Plan (NCIRP)—a blueprint for the Nation’s cybersecurity incident response.

Cyber Storm III participants include:

• Administration-Wide—Seven Cabinet-level departments including Commerce, Defense, Energy, Homeland Security, Justice, Transportation and Treasury, in addition to the White House and representatives from the intelligence and law enforcement communities.
• Eleven States—California, Delaware, Illinois, Iowa, Michigan, Minnesota, North Carolina, New York, Pennsylvania, Texas, Washington, as well as the Multi-State Information Sharing and Analysis Center (ISAC).
• 12 International Partners—Australia, Canada, France, Germany, Hungary, Italy, Japan, the Netherlands, New Zealand, Sweden, Switzerland, and the United Kingdom.
• 60 Private Sector Companies—DHS worked with representatives from the Banking and Finance, Chemical, Communications, Dams, Defense Industrial Base, Information Technology, Nuclear, Transportation, and Water Sectors, as well as the corresponding Sector Coordinating Councils and ISACs, to identify private sector participants.

Cyber Storm III also represents the first major exercise testing the new National Cybersecurity and Communications Integration Center (NCCIC)—which serves as the hub of national cybersecurity coordination and was established in October of 2009.

Alexander Details U.S. Cyber Command Gains

By Jim Garamone
American Forces Press Service

WASHINGTON, Sept. 24, 2010 – Establishing U.S. Cyber Command closed the gap that prevented the Defense Department from defending its crucial information networks, the organization’s commander told the House Armed Services Committee yesterday.

Cybercom, based at Fort Meade, Md., merges the offensive and defensive sides of DOD’s cyber world into one organization for the benefit of both sides, said Army Gen. Keith B. Alexander, who also is director of the National Security Agency.

The command stood up in May. Before that, Joint Task Force Global Network Operations was responsible for defense.

“That task force got one level of intelligence and could see one part of the network,” Alexander told the committee. “Operating on the other side was the Joint Functional Component Command Net Warfare trained at a different level with different intel insights at a different classification level.”

Two organizations had responsibility for the same network, the general explained. “And if you were operating at the National Training Center, you wouldn’t have the defensive team out there defending, and then take them off the field and run out with an offensive team,” he said. “It’s the same team.”

The offense and defense cannot be different, because these operations will occur in real time, the general said.

“It’s also an experience that we’ve seen in some of our red team and blue teams of what’s happening in our networks,” he said. “And I think that’s a huge and a positive step and goes significantly toward providing better support to the [combatant commands].”

A subunified command under U.S. Strategic Command, Cybercom has about 1,000 servicemembers and civilian employees. The command has a budget of about $120 million this year, and is programmed for about $150 million in fiscal 2011.

“We need the continued support of Congress and the resources that the department is putting forward for the component commands that we have here,” Alexander said. “It is going to have to grow. Each of them are looking at this and addressing that, and we will need your continued support to make that happen.”

But the command also needs authorities and guidance from Congress and the White House to ensure a good defense. Alexander said the thinking is that any cyber defense will require a team effort incorporating the Homeland Security Department, the FBI, the Defense Department and other concerned public and private agencies.

“Right now, the White House is leading a discussion on what are the authorities needed and how do we do this and … how will that team operate to defend our country?” he said. “What they will look at across that is what are the authorities, what do we have legally, and then given that, what do we have to come back to Congress and reshape or mold for authorities to operate in cyberspace?”

Alexander went on to describe different forms of the cyber threat.

“Since the inception of the Internet, as it were, probably the key thing that we’ve seen is hacker activity and exploitation,” he said. “That’s where someone comes in and takes information from your computer, steals your credit card number, takes money out of your account.”

That threat endures, and it possibly is the most significant form of the threat, the general said. It is not just stealing American intellectual property, he noted, but also involves theft of U.S. secrets and compromising other parts of U.S. networks.

Fast-forward to 2007, when Estonia became the first nation attacked in cyberspace.

“We see a shift from exploitation to actually using the Internet as a weapons platform to get another country to bend to the will of another country,” Alexander said. “While it’s hard to attribute that to a nation state, you can see it did happen when two nations were quarreling over political issues.”

Disruptive cyber attacks on Georgia followed in 2008. “A disruptive attack prevents you from doing your business for the time being,” the general explained, but it’s normally something that you can recover from and then go on and do your business.

“What concerns me the most,” he continued, “is destructive attacks that are coming, and we’re concerned that those are the next things that we will see.”

Destructive attacks destroy equipment, Alexander said, and the victim cannot take the same equipment and just drive forward.

“It’s not something that you recover from by just stopping the traffic,” he said. “It is something that breaks a computer or another automated device and, once broken, has to be replaced. That could cause tremendous damage.”

DOD is concerned if that happens in a war zone to defense networks, Alexander said.

“If that were to happen in a war zone, that means our command and control system and other things suffer,” he said. “We’ve got to be prepared for that both from a defensive perspective, and then to ensure that the enemy can’t do that to us. Again – a full operational capability.”

DOD classified networks have been breached. A foreign intelligence agency used a flash drive to put a virus into U.S. Central Command networks in 2008. The department launched Operation Buckshot Yankee to combat the worm, and Cybercom has drawn lessons from the experience.

“We actually had three parts that came out of that Operation Buckshot Yankee – culture, conduct and capability,” Alexander told the representatives. “On the culture side, it was getting commanders to understand this is commander’s business. This isn’t something that you say, ‘I’m going to have one of my staff run it.’ This is commander’s business. Commanders are responsible for the operation of their command. And this operational network, it’s important to them.”

Department of Energy Announces Investments to Address Cybersecurity

DOE announced the investment of more than $30 million for ten projects that will address cybersecurity issues facing the nation’s electric grid. Together, these projects represent a significant investment in addressing cybersecurity issues in the nation’s electric infrastructure.

The DOE investments address cyber security concerns from two approaches:
1) research and development on innovative cybersecurity solutions and
2) the establishment of the National Electric Sector Cybersecurity Organization.

Innovative Cybersecurity Solutions - $20 million
As the energy infrastructure becomes more advanced, it must meet and address cybersecurity challenges along the way. These eight projects will research, develop, and commercialize a comprehensive range of cybersecurity solutions to strengthen the U.S. energy infrastructure against cyber intrusion and assist owners and operators in complying with cybersecurity regulations. Together, these projects will bring cyber security and privacy protection into the utilities, out to the substations, and to homes.

One of the projects being funded is:
Sypris Electronics - Centralized Cryptographic Key Management (Tampa, FL)
This project will enhance the security of the Smart Grid meters at residences, by ensuring the data remains private through providing and managing electronic data keys that only allow trusted parties to access the data and prevent intruders from doing the same. This project will receive $3.1 million in funding.

National Electric Sector Cybersecurity Organization - $10 million
The National Electric Sector Cybersecurity Organization (NESCO) will be a broad-based, public-private partnership that will work to improve electric sector computer and network cybersecurity, including those used in the smart grid. Working with the DOE and other federal agencies, it will bring together domestic and international experts, software developers and users to focus research efforts; to assess and test the security of new cyber technologies, architectures, and applications; and analyze, monitor, and disseminate infrastructure weaknesses and threats.

Two organizations will receive awards to support this effort. One, described below, will form the organization, NESCO. The other recipient, the Electric Power Institute, Inc. (EPRI), will provide a research and analysis resource for NESCO.

Energy Sector Security Consortium, Inc. (EnergySec) (Clackamas, OR) - EnergySec will form the organization to be known as NESCO. It will work to improve electric system reliability by supplying data analysis and forensics capabilities for cyber-related threat. It will also assist in creating a framework to identify and prepare for challenges to grid reliability; share information, best practices, resources, and solutions to and from domestic and international electric sector participants; and encourage key electric sector supplier and vendor support and interaction. This project will receive $5.9 million in funding.

Cybercom Chief Details Cyberspace Defense

By Jim Garamone
American Forces Press Service

WASHINGTON, Sept. 23, 2010 – U.S. Cyber Command stands ready to defend Defense Department networks, but laws and policies must be updated to protect the nation, the organization’s commander said yesterday.

Army Gen. Keith B. Alexander is the first commander of Cybercom, which stood up under U.S. Strategic Command in May, merging DOD’s defensive and offensive cyber arms into one command.

The command operates in a new domain for the military – the man-made domain of cyberspace. The domain is just as important for military operations as land, sea, air and space, defense officials said. Cybercom directs military operations in cyberspace and is responsible for defense of crucial military networks.

The threat is real and continuing, Alexander said.

“The more you learn, the more you say we have to come together to protect this,” the general said during a roundtable with reporters at the National Cryptologic Museum. Noting that Defense Department networks are scanned or probed 250,000 times an hour, Alexander said, “we have to do a better job defending it.”

The networks are the lifeblood of commerce, power, finance and many other aspects of life today. There are 1.9 billion Internet users in the world today, Alexander said, and 4.6 billion cellular phone subscribers. The number of e-mails each day this year is around 247 billion, with 90 trillion e-mails sent in 2009. The Internet is a tremendous capability, Alexander said, but it also is an enormous vulnerability.

“Our intellectual property here is about $5 trillion,” he said. “Of that, approximately $300 billion is stolen over the networks per year.”

Cybercom’s three main missions are to defend the defense information grid, launch the full spectrum of cyber operations on command, and to stand prepared to defend the nation’s freedom of action in cyberspace, Alexander said.

The command has a budget of $120 million for this year and has about 1,000 military and civilian employees. Included in this is a 24/7 joint operations center that monitors the grid, detects attacks and neutralizes them. The command works with the Air Force, Navy, Army and Marine Corps cyber commands to parcel out how to defend the networks and who has responsibility for the specific nets.

Assigning responsibility needs to happen throughout the government, the general said, noting that technology has outpaced policy and law. The government, he added, still is dealing with laws that came out when the nation relied on rotary phones.

“The laws we did 35, 40 years ago are what we have to update,” he said.

Alexander put two issues on the table. “First, we can protect civil liberties and privacy and still do our mission,” he said. “There can be mistakes, but we can protect the First Amendment.”

The second issue, he said, is that Cyber Command is defending the DOD networks now, and as directed, can help the Homeland Security Department defend its networks.

There is confusion over who does what, the general acknowledged, so White House officials are leading an effort to sort through the needs of cybersecurity and update the policies and issues. “They are looking at the policies and authorities that need [re-]doing, and what’s the right way to approach it,” he said.

Once the review is finished, he explained, the president must determine how the federal government will be organized to handle this.

Congress is also looking at the problems. “From my perspective,” Alexander said, “I would like to war-game it and hypothesize what could happen and ensure the policies, laws and authorities allow us to do what people expect us to do. I don’t want to fail in meeting the expectations of the American people, the White House and Congress.”

Changing the policy is complex, and will take time and several tries to do it right, Alexander said. The general said he envisions a team handling things in cyberspace. The DHS, the FBI, other government agencies and private stakeholders – along with Cybercom – all have a role, he said, and getting the disparate agencies and entities to work together will be a priority for cyber defense.

Some questions still need to be answered, and policy makers need to take them into consideration, Alexander said.

They include:

– What constitutes a cyber attack?

– How do the laws of war pertain to operations in cyberspace?

– What does deterrence look like in the cyber world, where it can take months to determine attack perpetrators and the cyber defense group may have nothing to strike back at?

These questions are valid, the general emphasized. In 2007, Estonia was hit by a cyber attack that crippled that nation’s grid for weeks, he said, and a foreign intelligence agency compromised a classified U.S. military system in 2008.

The attacks can be disruptive, like the Estonia attack, or destructive, with lives lost and equipment and networks destroyed, Alexander said.

“Those are the kind of rules that have to be weighed and discussed,” he added. “It’s good to have that debate, and from my perspective, it is important that it is clear who has the responsibility to defend in that kind of requirement.”

BAE Systems to Provide Cyber Security to FBI in $40 Million Order

BAE Systems was selected to provide critical information security safeguards, including certification and accreditation, to ensure the confidentiality and privacy of FBI computer networks in the United States and around the world. Under a $40 million order, BAE Systems serves as the prime contractor offering information security risk assessments, a form of quality control. The information assurance process is cyclical and is continuously monitored and improved as risks change so that data, some of it classified, is transmitted, stored and protected safely.

Continuous monitoring is a technique to address the security impacts on an information system resulting from changes to the hardware or software during the lifecycle.

“We’re serving as the gatekeepers for the FBI in the cyber world,” said Tom Sechler, a vice president and general manager of the company’s Intelligence & Security sector. “With the level of management, expert staffing and quality control that we’re providing the customer, everyone at the FBI can click ‘send’ with peace of mind.”

It is the first order awarded in the Information Assurance Program Support contract vehicle, a five-year Indefinite Delivery/Indefinite Quantity effort valued at $134 million.

BAE Systems’ Intelligence & Security sector, based in Arlington, VA, focuses on four core customer missions – intelligence and counterintelligence, homeland security, law enforcement, and support to military operations.